Netgate Discussion Forum

    SOLVED - OpenVPN multi-WAN port-share TCP 80 not working, please help

      marian78

      Hi,

      First, I didn't find the same configuration and the same problem on the forum, therefore I wrote this topic.

      I have pfSense 2.1.5 x86 with only the firewall and Suricata set up.

      I have this configuration:

      3x WAN (1. 10.0.0.4, 2. 11.0.0.4, 3. 10.0.0.4)
      1x LAN (192.168.0.1)

      I want the OpenVPN server running on localhost, and to port forward WAN traffic to localhost, where the OpenVPN server is bound.

      I set up NAT:
      WAN1 TCP * * WAN1 address 80 127.0.0.1 1190
      WAN2 TCP * * WAN2 address 80 127.0.0.1 1190
      WAN3 TCP * * WAN3 address 80 127.0.0.1 1190

      I set up the OpenVPN server:
      …..
      protocol: TCP
      device mode: tun
      interface: localhost
      local port: 1190
      .....
      advanced: push "route 192.168.0.0 255.255.255.0";port-share 10.0.0.4 80;

      The problem is that I want to use TCP port 80 (HTTP) on the WAN side. I added this to the OpenVPN server advanced config:

      port-share 10.0.0.4 80

      But I still have this in the client log when connecting:
      WARNING: Bad encapsulated packet length from peer (18516), which must be > 0 and <= 1544 -- please ensure that --tun-mtu or --link-mtu is equal on both peers -- this condition could also indicate a possible active attack on the TCP link -- [Attempting restart…]

      EDIT: I changed the pfSense webConfigurator listen port to 81 and removed port-share 10.0.0.4 80, with no luck... Before that I also tried port-share 10.0.0.4 443, also with no luck...

      EDIT2: OK, now I disabled bogon and private network on WAN and disabled NAT to localhost. Now I tried what is running on TCP port 80 on the WAN. And there is the pfSense webConfigurator. Is there any solution to force the webConfigurator to run only on the LAN interface (binding only to a specific interface)?

      EDIT3: I disabled the webConfigurator redirection option in the advanced menu and switched to HTTPS, but also with no luck.

      EDIT4: Got it to work: disabled webConfigurator redirection, set webConfigurator to use HTTPS, OpenVPN server bound to localhost on TCP 1194 (default OpenVPN port), created NAT rules for all WANs "WAN1 TCP * * WAN1 address 80(http) 127.0.0.1 1194(openvpn)", and on the WAN interfaces added an allow rule "IPv4 TCP * * WAN1 address 80(http) * * *". Restart and OK...

      pfSense running virtualized, on HP N54L microserver, 2G RAM, 60G disk, WAN, LAN, DMZ, Wifi, OpenVPN server + client, Suricata, pfBlocker
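
Added example, not part of the original post: OpenVPN over TCP prefixes each packet with a 16-bit big-endian length, so the number in the "Bad encapsulated packet length" warning is the first two bytes the peer actually sent. For the warning quoted above, 18516 is 0x4854, ASCII "HT", which matches the EDIT2 finding that the webConfigurator was answering on TCP 80. The hint table and the second and third sample lines are constructed for illustration.

```python
import re
import struct

# OpenVPN over TCP prefixes every packet with a 16-bit big-endian length.
# A client talking to a non-OpenVPN service reads that service's first two
# reply bytes as the length and logs the resulting number.
LENGTH_RE = re.compile(r"Bad encapsulated packet length from peer \((\d+)\)")

# Hint table constructed for this example (not an OpenVPN data structure).
KNOWN_PREFIXES = {
    b"HT": "HTTP response ('HTTP/1.x ...'): a web server answered",
    b"SS": "SSH banner ('SSH-2.0-...'): an SSH daemon answered",
    b"\x16\x03": "TLS handshake record: a TLS/HTTPS service answered",
    b"\x15\x03": "TLS alert record: a TLS/HTTPS service answered",
}


def decode_bad_length(log_line):
    """Return (length, first_two_bytes, hint), or None if no warning is present."""
    match = LENGTH_RE.search(log_line)
    if match is None:
        return None
    length = int(match.group(1))
    if length > 0xFFFF:  # cannot have come from a 2-byte prefix
        return None
    raw = struct.pack("!H", length)  # network byte order, as on the wire
    hint = KNOWN_PREFIXES.get(raw, "unrecognised prefix; check what listens on that port")
    return length, raw, hint


# First line: the warning from the post (shortened). Others: constructed.
SAMPLE_LINES = [
    "WARNING: Bad encapsulated packet length from peer (18516), which must be > 0 and <= 1544",
    "WARNING: Bad encapsulated packet length from peer (21331), which must be > 0 and <= 1544",
    "Initialization Sequence Completed",
]

if __name__ == "__main__":
    for line in SAMPLE_LINES:
        result = decode_bad_length(line)
        if result:
            length, raw, hint = result
            print(f"{length} = 0x{length:04x} = {raw!r} -> {hint}")
```
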
